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IN THE CLAIMS 

Please amend the claims as follows: 

1 . (Currently Amended) A method comprising: 

receiving at least one protocol state machine definition for a network protocol, said 
protocol state machine definition including a plurality of protocol state rules expressed in a text 
format; 

parsing the at least one protocol state machine definition to form a set of parsed protocol 
state rules in a binary format, said parsed protocol state rules including at least one condition and 
at least one action associated with the condition , the at least one action comprising instantiation 
of a filter for the network flow from the set of filters and further the at least one action 
comprising saving the result of the at least one action for use in a later executed rule in the set of 
parsed protocol state rules : 

storing a set of filters in a filter database; 

receiving a network flow, said flow including a plurality of packets; [[and]] 

applying one or more of the parsed protocol state rules to the plurality of packets in the 

network flow; 

saving a result from at least a first rule of the parsed protocol state rules to create a saved 
result; and 

executing a second rule of the parsed protocol state rules, wherein the second rule uses 
the saved result to determine a result for the second rule. 

wherein the at least one action comprises the inatantiation of a filter for the network flow 
from the set of filters and further wherein the at least one action comprises saving the resu lt of 
the at least one action for use in a later executed rule in the sot of parsed protocol state rules. 



2. (Original) The method of claim 1, wherein the protocol state rules include rules for analyzing 
a context for the network flow. 
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3. (Original) The method of claim 2, wherein the context for the network flow includes an 
application layer context. 

4. (Original) The method of claim 1 wherein the filter comprises a dynamic filter that is 
instantiated for the duration of the network flow. 

5. (Original) The method of claim 1, wherein the filter comprises a static filter that is applied 
during an initiation of the network flow. 

6. (Canceled) 

7. (Currently Amended) The method of claim [[6]] 1, further comprising maintaining an 
expected state for the network flow utilizing the saved result. 



8. (Original) The method of claim 1, wherein the at least one action comprises activating a rule 
in the set of parsed protocol state rules. 
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9. (Currently Amended) A system comprising: 

one or more processors; 

a parser operable executable by the one or more processors to parse at least one protocol 
state machine definition for a network protocol to a set of parsed protocol state rules in a binary 
format, said protocol state machine definition including a plurality of protocol state rules 
expressed in a text format, said parsed protocol state rules including at least one condition and at 
least one action associated with the condition , the at least one action comprising instantiation of a 
filter for the network flow from the set of filters and further the at least one action comprising 
saving the result of the at least one action for use in a later executed rule in the set of parsed 
protocol state rules : 

a filter database operable to store a set of filters in a filter database; and 

a protocol analysis engine operable executable by the one or more processors to: 
receive a network flow, said flow including a plurality of packets^; and]] 
apply the parsed protocol state rules to the plurality of packets in the network 

flow[[;]L 

save a result from at least a first rule of the parsed protocol state rules to create a 
saved result; and 

execute a second rule of the parsed protocol state rules, wherein the second rule 
uses the saved result to determine a result for the second rule. 

wherein the at least one action comprises the instantiation of a filter for the network flow 
from the set of filters and further wherein the at least one action saves the result of the at least 
one action for use in a later executed rule in the set of parsed protocol state rules. 

10. (Original) The system of claim 9, wherein the protocol state rules include rules to analyze a 
context for the network flow. 



1 1 . (Original) The system of claim 10, wherein the context for the network flow includes an 
application layer context. 
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12. (Original) The system of claim 9 wherein the filter comprises a dynamic filter that is 
instantiated for the duration of the network flow. 



13. (Original) The system of claim 9, wherein the filter comprises a static filter that is applied 
during an initiation of the network flow. 

14. (Canceled) 

15. (Previously Presented) The system of claim 9, wherein the at least one action deactivates a 
rule in the set of parsed protocol state rules. 

16. (Original) The system of claim 9, wherein the at least one action comprises activates a rule 
in the set of parsed protocol state rules. 

1 7. (Original) The system of claim 9, wherein the protocol analysis engine is further operable to 
maintain a state table for the network flow. 
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18. (Currently Amended) A tangible machine readable medium storing machine executable 
instructions for performing a method comprising: 

receiving at least one protocol state machine definition for a network protocol, said 
protocol state machine definition including a plurality of protocol state rules expressed in a text 
format; 

parsing the at least one protocol state machine definition to form a set of parsed protocol 
state rules in a binary format, said parsed protocol state rules including at least one condition and 
at least one action associated with the condition , the at least one action comprising instantiation 
of a filter for the network flow from the set of filters and further the at least one action 
comprising saving the result of the at least one action for use in a later executed rule in the set of 
parsed protocol state rules ; 

storing a set of filters in a filter database; 

receiving a network flow, said flow including a plurality of packets; [[and]] 
applying the parsed protocol state rules to the plurality of packets in the network flow; 
saving a result from at least a first rule of the parsed protocol state rules to create a saved 
result; and 

executing a second rule of the parsed protocol state rules, wherein the second rule uses 
the saved result to determine a result for the second rule. 

wherein the at least one action comprises the instantiation of a filter for the network flow 
from the sot of filters and further wherein the at least one action comprises saving the result of 
the at least one action for use in a later cjcccutcd rule in the se t o f parsed protocol state rules. 

19. (Original) The machine readable medium of claim 18, wherein the protocol state rules 
include rules for analyzing a context for the network flow. 

20. (Original) The machine readable medium of claim 1 9, wherein the context for the network 
flow includes an application layer context. 
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21 . (Original) The machine readable medium of claim 1 8 wherein the filter comprises a 
dynamic filter that is instantiated for the duration of the network flow. 

22. (Original) The machine readable medium of claim 1 8, wherein the filter comprises a static 
filter that is applied during an initiation of the network flow. 

23. (Canceled) 

24. (Original) The machine readable medium of claim 18, wherein the at least one action 
comprises deactivating a rule in the set of parsed protocol state rules. 



25. (Original) The machine readable medium of claim 1 8, wherein the at least one action 
comprises activating a rule in the set of parsed protocol state rules. 



